AUTHENIX is a GDPR-compliant broker for authentication tokens and personal information.

AUTHENIX infographics.

An application registered with AUTHENIX uses the OAuth2 and OpenID Connect API to obtain bearer (access) tokens and an ID token, and to fetch personal information about the authenticated user. Any user from a trusted Identity Provider can log in to the application. Whether, and how much, personal information the application can fetch is controlled by the following policies:

  • IdP Policy: information about the Identity Provider the user authenticated with
  • ID Policy: the user is identified by a unique cryptonym (a pseudonymous identifier)
  • Profile Policy: personal information as defined by OpenID Connect under the scope profile
  • Email Policy: the email address of the acting user
When registering an application, the registering user selects none, one or several of these policies, and AUTHENIX releases personal information to the application only according to that selection. If no policy is selected, the user cannot be identified: the user acts as an authenticated user, but the application can neither identify the user nor receive any personal information. In every case, the user must approve the transfer of personal information to the application on first login. The user can suppress re-approval on subsequent logins by selecting the "remember" option, and can revoke the approval at any time via the "Trusted Applications" menu.
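The flow described above from the application's side, as an added example that is not AUTHENIX's own code or API: the selected policies are mapped to OpenID Connect scopes, an authorization request is built with a state and a nonce, and the returned ID token is validated (signature, algorithm, issuer, audience, expiry, nonce) before any claim is trusted. The endpoint URL, the HS256 shared secret, the sample token and the claim names attributed to the IdP and ID policies are constructed assumptions so the example runs offline; a real deployment would take the endpoints from the broker's discovery document and verify its asymmetric signatures against its published keys.

```python
"""Relying-party side of an OIDC login against a policy-controlled broker.
Added example; endpoints, key material and claim names are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

ISSUER = "https://authenix.example"              # placeholder, not the real URL
AUTHORIZE_ENDPOINT = f"{ISSUER}/authorize"       # placeholder, not the real URL

# Profile and Email policies correspond to the OIDC scopes of the same name;
# "openid" is always requested so that an ID token is issued at all.
POLICY_SCOPES = {"Profile": "profile", "Email": "email"}

# Claims the application may use once a policy is granted. Treating "sub" as
# the ID Policy cryptonym and "idp" as the IdP Policy claim are assumptions.
POLICY_CLAIMS = {
    "IdP": {"idp"},
    "ID": {"sub"},
    "Profile": {"name", "given_name", "family_name", "preferred_username"},
    "Email": {"email", "email_verified"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def requested_scopes(policies):
    """Scopes for the authorization request, derived from the selected policies."""
    scopes = ["openid"]
    for policy in policies:
        scope = POLICY_SCOPES.get(policy)
        if scope and scope not in scopes:
            scopes.append(scope)
    return scopes


def build_authorization_request(client_id, redirect_uri, policies):
    """Authorization-code request. 'state' protects the redirect against CSRF,
    'nonce' binds the ID token to this login; both are stored and checked later."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": " ".join(requested_scopes(policies)),
              "state": state, "nonce": nonce}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state, nonce


def mint_id_token(claims, key):
    """Constructed HS256 token standing in for what the broker would issue."""
    signing_input = (f"{_b64url(json.dumps({'alg': 'HS256', 'typ': 'JWT'}).encode())}."
                     f"{_b64url(json.dumps(claims).encode())}")
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_id_token(token, key, client_id, nonce, now=None):
    """Reject the token on any failed check; only then return its claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    if json.loads(_b64url_decode(h_b64)).get("alg") != "HS256":   # never accept "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims


def usable_claims(claims, policies):
    """Defence in depth: read only the claims the selected policies cover, so a
    broker misconfiguration cannot leak extra attributes into the application."""
    allowed = set().union(*(POLICY_CLAIMS.get(p, set()) for p in policies))
    return {k: v for k, v in claims.items() if k in allowed}


def demo(now=1_700_000_000):
    key = b"constructed-shared-secret"                # constructed, not a real key
    policies = ["ID", "Email"]
    _url, _state, nonce = build_authorization_request("app-123", "https://app.example/cb", policies)
    claims = {"iss": ISSUER, "aud": "app-123", "sub": "8b1d-cryptonym",   # constructed token body
              "email": "alice@example.org", "email_verified": True,
              "nonce": nonce, "iat": now, "exp": now + 300}
    token = mint_id_token(claims, key)
    verified = verify_id_token(token, key, "app-123", nonce, now=now)
    results = {"scopes": requested_scopes(policies),
               "usable": usable_claims(verified, policies),
               "no_policy": usable_claims(verified, [])}
    bad = {"wrong_key": (token, b"other-key", "app-123", nonce, now),
           "wrong_audience": (token, key, "app-999", nonce, now),
           "replayed_nonce": (token, key, "app-123", "stale-nonce", now),
           "expired": (token, key, "app-123", nonce, now + 600)}
    for label, args in bad.items():
        try:
            verify_id_token(*args)
            results[label] = "accepted"
        except ValueError as err:
            results[label] = str(err)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With no policy selected, `usable_claims` yields nothing, not even `sub`, which mirrors the statement that an unprivileged application sees an authenticated but unidentifiable user. The four rejection cases in `demo` are the failure modes an application must handle itself: the broker cannot stop a relying party from accepting a token minted for another client, a replayed token, or an expired one.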

The personal information received from the Identity Provider can be viewed via the "Personal Information" menu. AUTHENIX does not store this information; it is held only for the duration of the authentication session.

Each time personal information is conveyed to an application, AUTHENIX stores a record of that transfer in encrypted form. All such records can be reviewed via the "Personal Information" menu and downloaded in JSON or CSV format, for example to load them into Excel. The user can delete the stored records at any time.

In line with GDPR, the user can delete the account via the "Forget Me" menu. This removes all personal information records as well as any access and refresh tokens that exist for the user. Removing these tokens causes all dependent applications to stop functioning for that user.